(This article was originally published in Law360 and has been modified for this blog.)

Companies in a range of industries that contract with the U.S. Government—including aerospace, defense, healthcare, technology, and energy—are actively working to assess whether or not their information technology systems comply with significant new restrictions that will take effect on August 13, 2020.  These new restrictions prohibit the use of certain Chinese telecommunications equipment and services, and a failure to comply can have dramatic consequences for these companies.  The new restrictions also will have an immediate impact on mergers and acquisitions involving a company that does—or hopes to do—business with the Federal government.  In this article, we highlight some key considerations for M&A practitioners relating to these restrictions.

Background

On July 14, 2020, the U.S. Government’s Federal Acquisition Regulatory Council (“FAR Council”) published an interim rule to implement Section 889(a)(1)(B) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (“FY19 NDAA”).[1]  When the new rule takes effect on August 13, it will prohibit the Department of Defense and all other executive branch agencies from contracting—or extending or renewing a contract—with an “entity” that “uses” “covered telecommunications equipment or services as a substantial or essential part of any system.”  The restrictions cover broad categories of equipment and services produced and provided by certain Chinese companies—namely Huawei, ZTE, Hytera, Hangzhou Hikvision, Dahua, and their affiliates.[2]

The new rule will be applicable to all contracts with the U.S. Government, including those for commercial item services and commercially available-off-the-shelf products.[3]  Companies with a single one of these contracts will soon have an ongoing obligation to report any new discovery of its internal “use” of certain covered telecommunications equipment and services to the Government within one business day with a report of how the use will be mitigated ten business days later.[4]  Further, although companies can seek to obtain a waiver on a contract-by-contract basis from agencies, these waivers must be granted by the head of the agency, and may only extend until August 13, 2022 at the latest.[5]

The new rule is the second part of a two-stage implementation of Section 889’s restrictions on covered telecommunications equipment and services in Government contracting.  It builds on an earlier rule that implemented Section 889(a)(1)(A) of the FY19 NDAA on August 13, 2019 by prohibiting an executive branch agency from acquiring certain covered telecommunications equipment or services that is a substantial or essential part of any system.[6]

The new rule is expansive in scope, and its effects will be felt far beyond the traditional defense industrial base.  Thus, mergers and acquisitions practitioners are well advised to become familiar with the rule and consider how it might impact any future transaction where an acquisition target does at least some business with the Government or has aspirations to do so in the future.


Continue Reading M&A and Section 889: Due Diligence and Integration Considerations

On July 10, 2020, the interim rule implementing Section 889(a)(1)(B) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Pub. L. No. 115-232) was released by the U.S. Government’s Federal Acquisition Regulatory Council. Section 889 prohibits the U.S. Government from buying (as of August 2019)—or contracting with an entity that uses

It goes without saying that the COVID-19 pandemic has significantly affected the Department of Defense (“DoD”) and the defense industrial base.  And while Congress has taken steps to mitigate these impacts, the sheer scale of the pandemic’s effects pose a continuing challenge to both DoD and its contractors.  Now a group of major defense contractors has submitted a pair of joint letters to the Pentagon and OMB highlighting the need for further action and the risk to the defense industrial base if such actions are not taken.

Continue Reading Defense Contractors Say Section 3610 and Other Contractor Support Measures Require Relief

In recent years, both Congress and the Executive Branch have made it a key priority to mitigate risks across the industrial and innovation supply chains that provide hardware, software, and services to the U.S. government (“USG”).  Five of these initiatives are likely to result in new regulations in 2020, each of which could have a fundamental impact on companies’ ability to sell Information, Communications, Technology and Services (“ICTS”) to the USG.  As these requirements begin to take hold, federal contractors should be mindful of potential impacts and the actions that can be taken now to prepare for increased USG scrutiny of their supply chain security.

Continue Reading Contractor Supply Chain Readiness – An Update on Expected Regulatory Changes

Late last year, a spokesman for the Department of Defense announced without fanfare that the agency would increase audits of certified cost or pricing data under the Truth in Negotiations Act (“TINA”).  While the full effect of that enhanced focus on TINA compliance remains to be seen, a recent decision by the Armed Services Board of Contract Appeals (“ASBCA”) provides helpful guidance for navigating upcoming TINA audits and defending against defective pricing claims, particularly in situations involving an on-going program where documents contain both facts and judgmental estimates.

Continue Reading With Potential New TINA Audits on the Horizon, the ASBCA Provides a Helpful Primer on Defending Against Defective Pricing Claims

At the end of last month, the Department of Defense (“DoD”) issued a class deviation to implement Section 2821 of the National Defense Authorization Act for Fiscal Year 2020 (“FY20 NDAA”), which seeks to reduce dependence on Russian energy by prohibiting the acquisition of energy sourced from inside Russia for DoD’s main operating bases in

Last week, DoD released a draft of its much-anticipated guidance implementing Section 3610 of the CARES Act, which authorizes the government to reimburse qualifying contractors for the costs of providing certain paid leave to employees as a result of the COVID-19 pandemic.  DoD previously published a collection of memoranda, Q&A documents, and a class deviation addressing Section 3610 reimbursement, but the new draft guidance (“Guidance”), which includes a “reimbursement checklist” and accompanying instructions, provides significantly more detail regarding the process for requesting and substantiating claims for reimbursement under the statute.

A number of open questions remain pending the issuance of final guidance, as discussed below, but the contours of DoD’s Section 3610 process are becoming increasingly clear.  Contractors interested in pursuing recovery under the statute should start preparing now to satisfy these emerging rules and requirements.


Continue Reading DoD Releases Draft Section 3610 Reimbursement Guidance

Defense Department leaders and agencies have been granted much-needed flexibility to respond to the coronavirus pandemic.  Last week, Under Secretary of Defense for Acquisition & Sustainment Ellen Lord delegated approval authority for Other Transaction Agreements (“OTs”) related to the coronavirus response, consistent with Section 13006 of the CARES Act.
Continue Reading Other Transaction Authorities Given Greater Flexibility to Foster Innovation in Coronavirus Response

As the COVID-19 virus extends its global reach, defense contractors may be called upon to begin implementing their contracts’ mission-essential services plans. These plans, required by DFARS 252.237-7023, facilitate mission-essential functions in extended crisis situations, including pandemics, which are explicitly noted in the DFARS. As the coronavirus outbreak continues, defense contractors should check whether their contracts include this clause and assess their readiness to implement the requirement if DoD requests activation of the company’s plan.
Continue Reading The Show Must Go On: Mission-Essential Services During the Coronavirus Outbreak

On January 31, the Department of Defense (“DoD”) released Version 1.0 of its Cybersecurity Maturity Model Certification (“CMMC”).  This is the fourth iteration of the CMMC that DoD has publicly released since it issued the first draft in October, and it is intended to be the version that auditors will be trained against, and that will eventually govern defense contractors’ cybersecurity obligations.  (We discussed the draft versions of the CMMC in earlier blog posts, as well as DoD’s Version 1.0 release announcement.)

As outlined in more detail below, the CMMC is a framework that “is designed to provide increased assurance to the DoD that a DIB [Defense Industrial Base] contractor can adequately protect CUI [Controlled Unclassified Information] at a level commensurate with the risk, accounting for information flow down to its subcontractors in a multi-tier supply chain.”

DoD stated publicly that it plans to add CMMC requirements to ten Requests for Information (“RFIs”) and ten Requests for Proposals (“RFPs”) by the end of this year, with contractors and subcontractors expected to meet all applicable CMMC requirements at the time of award.  DoD has indicated that these RFPs may involve relatively large awards, as it anticipates that each award will impact approximately 150 different contractors at all levels of the supply chain and at various levels of CMMC certification.  DoD’s goal is to have CMMC requirements fully implemented in all new contract awards by Fiscal Year 2026.


Continue Reading A Closer Look at Version 1.0 of DoD’s Cybersecurity Maturity Model Certification